CyberWire Daily - Joe Carrigan: Build your network. [Security engineer] [Career Notes]
Episode Date: February 20, 2022Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred h...im to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams and feels education of the public will help to prevent these. Joe reminds us to build our networks as they include people we can always go back to either when searching for a position or looking to fill one on our teams. We thank Joe for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Joe Kerrigan.
I am a senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy. I don't know that I had any such recollection of what I wanted to do.
I was kind of aimless.
I did in 1981, I think my dad got an Osborne computer and I was like, this is great.
I enjoy playing with this and writing code.
And I actually taught myself how to write basic on that. And it was a lot of fun to play with. But shortly after that, as computers
progressed on, my father maintained that Osborne and worked on that Osborne well into the 90s
before he got himself a new computer. So I didn't have any other computing experiences growing up
around the house. When I saw somebody, the first IBM compatible computers,
I had absolutely no idea what I was looking at
because I had never seen a DOS operating system.
At that point in time, I had made what I describe as a life mistake
of getting involved in high school theater.
I probably shouldn't have done that
because I thought that's what I wanted to do
for the rest of my life.
When I went to college, I quickly figured out
that's not what I wanted to do.
I took a class, an introduction to computer science course,
which actually had absolutely nothing to do
with computer science.
It was how to be a user of a computer.
And it was a terrible course.
I straight up got an F in that course. But the
funny thing is, shortly after that, I got a job working in the computer lab with a guy that would
actually become my first IT mentor. But I actually got on to the computer labs and started learning
the Unix-like operating system that ran the deck and learning how to work my way around a Windows
system and an Apple system.
And I said, this is really cool.
But it never really clicked with me that this is what I should do.
So I stuck with the mass comp thing, completely believing that I was going to be some kind
of radio guy.
And I don't know if you know what happened in the radio business around that time, even
as I was graduating college.
I should have seen the writing on the wall,
but the entire industry has been commoditized
into one homogeneous mass of maybe three or four companies
that now own the entire spectrum across the nation.
A company like Clear Channel
starts gobbling up all the radio stations.
Which I think is kind of unfortunate,
but it is what happens.
They can outbid a lot of small, smaller outlets.
That means that if you want to be a DJ, you can't go to a small market,
start up and work your way up the chain.
So I gave up on that dream and I went into what I thought was going to be great,
was going to be sales.
Now, I'm a very technical person, which means I probably suck at sales.
And I do. I am terrible at sales.
I couldn't sell a lifesaver to a drowning man, essentially, is just the way to put it.
I started realizing that and actually about the same time as my employer started realizing that
because the end of my sales career went down just like this.
I walked into my office with my two weeks notice in hand
and there sitting at my desk is my replacement.
After that, I went to a job in a local defense contractor.
At this point in time,
I didn't know what I was going to do.
And it all changed one day when I was driving home
and I get to the metro station in Shady Grove and there's
some guy looking for a ride because he's missed the last shuttle bus that goes from Shady Grove
up to the park and ride. As I'm riding up there with him, he says, do you have any technical
capabilities? I'm like, well, I used to work in a computer lab in college and I taught myself how
to program when I was 12. And he goes, you know what you should do is you should get into tech right now.
Get into some kind of IT,
either administration or software development.
Do something to get into the tech field and do that now.
My wife looks at me and she says,
that's what I've been telling you to do
for the past three years.
I found a school, a local school here. It was University of Maryland University College. It's now University of Maryland Global Campus. They had a second
bachelor's program. So I started on that to get a degree in computer and information science,
which was like a computer science degree, but without the math requirement because
I didn't think I was good at math.
Once I got the first class under my belt,
it was a NetWare administration class.
If anybody's listening and they remember NetWare,
they've been in the business for a very long time.
I got a job doing NetWare administration
and tech support and help desk.
And that was my first job into the field.
After that, I moved up to a new position where I was actually like a junior programmer because I
wanted to do more programming. Went back into the defense contractor I had previously left,
but came back in at this time as a programmer, not a software engineer, and spent time there
developing my skills and actually went on to get a master's in computer science. I was working with this team and we had a Hopkins professor who had some work for us to do for his
company. So when I went looking for a new job, I actually wound up taking a job with Hopkins.
And that's where I've been since. And because I had worked with Avi before, Avi Rubin, so I came
in here and Avi was kind
enough to say, yeah, Joe's a good guy. He knows what he's doing. One of my biggest concerns is
I'm really concerned about the cybersecurity practices of the average person and how their,
security practices of the average person and how their, what we call cyber hygiene, when they don't practice good cyber hygiene, what kind of risk that puts them at. I'm working on now a survey
for assessing the level of that risk for residents of Maryland. There has to be some kind of education
to the public about these kinds of scams. People get taken in by them all the time. I talk about
them on Hacking Humans. The losses to the individual can be devastating. We often talk about losses to companies and the
millions of dollars, and that can be bad too. But when you hear the story about somebody who's
struggling to get by and they've gotten hit by an employment scam and now they can't pay their rent,
that's heartbreaking. Or when you hear the story of the elderly person who got hooked into a romance scam and has lost literally all of their money.
We hear that frequently.
It's terrible.
What happens?
And how do we stop that from happening?
I think public education is the way to go about doing that.
I deal with a lot of overwhelmingly sad information sometimes.
I'm actually pretty good at emotionally detaching from things,
from situations, maybe too good at it.
Sometimes, though, it does kind of get me down.
And I find that friends and family are a good way to help with that.
You know, staying focused is good.
Remembering what's important in life.
You know, the analogy of the old rocks in the jar,
which what are your big rocks?
You put those in the jar first.
Build a network.
Everybody you work with is a connection in your network and you will have no
better group of people to work with down the road when it comes time for you to make a move
or for you to go looking for somebody to fill a position in your organization.
I looked back, I actually did the math on this one time. I was wondering how many times,
because at one point in time during a job search,
I was getting call after call after call
from recruiters, third-party recruiters.
And I started thinking,
how effective are third-party recruiters
and how effective is my network at getting me a position?
And I went all the way back to my first job at Chuck E. Cheese
back when I was 14 years old,
making pizzas and dressing as a mouse to entertain children. That's probably the worst job I ever had. And it
turns out just over two-thirds of them came from my network and one-third of them came from
recruiters. These people in your network know what your strengths and your weaknesses are already.
Do your best to demonstrate your worth to people that you think will be
in your network for the long haul.
And build relationships with people.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information
from hundreds of data brokers.
I finally have peace of mind
knowing my data privacy is protected.
Delete.me's team does all the work for you
with detailed reports
so you know exactly what's been done.
Take control of your data
and keep your private life private
by signing up for Delete.me.
Now at a special discount for our listeners.
Today, get 20% off your Delete.me plan when you go to joindeleteme.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout that's joindelete
me.com slash n2k code n2k